Five Considerations for Selecting a Consumer Authentication Vendor

In today's mobile-first world, consumer authentication is driven by the need of having a smooth user experience. Of course, it has to be secure and tick all of the boxes for privacy and regulation but when I talk with clients, both authentication vendors and service providers, they all say that the number one priority is having a great user experience (UX). If the authentication user experience fails then customers will simply walk away and go somewhere else or choose an alternative payment method.

I was recently asked to create a white paper for RSA and EyeVerify on key considerations for selecting a consumer authentication vendor. I identified five key considerations:

1. Consumer choice
2. Convenience
3. Demonstrable fraud reduction
4. Meeting a 'mobile first' strategy'
5. Regulation compliance

These five considerations are powerful criteria for organizations when assessing authentication solutions and vendors.

Consumers must be given a choice of convenient, easy to use authentication services. The availability of a wide range of device-based authentication technologies including multiple biometric solutions supports this requirement. Convenience and consumer choice can also be combined in a well-designed consumer authentication solution. The combination of risk based authentication (RBA) and mobile biometric authentication services (MBAS) can meet this criteria. Risk based authentication can meet a good percentage of normal authentication scenarios and mobile biometrics can be applied to authentication scenarios that require further ‘proof’ of true identity; a combination of frictionless and friction-light authentication.

Service providers are increasingly pressured to support legacy service channels including physical (bank branch and retail store) and telephony at the same time as evolving their offering to work across a wide range of new technology, first web, now mobile and moving swiftly into the Internet of Things (IoT). When choosing an agile technology partner that can support multiple delivery channels, omnichannel support, an organization must ensure that they choose an authentication solution that can operate across a wide range of these channels. The mobile first strategy can allow organizations to design and deploy effective authentication services that meet this consideration.

Fraud is rising in all sectors. A consumer authentication vendor must be able to demonstrate fraud reduction as a result of deploying the chosen authentication solution – measurable and tangible fraud reduction benefits.

Around the world, regulatory powers are adapting existing regulation or introducing new ones to ensure that consumers are protected when using the latest digital services. A trusted technology partner must be able to demonstrate:

1. It can help organizations address the latest federal and industry regulations; and
2. It actively participates in influencing regulatory bodies to ensure that convenience and ease of use are not sacrificed at the expense of over rigid security requirements.

Getting the balance between security and convenience is an essential ingredient in supporting flexible digital service delivery.

To read the white paper in full, you can download it from the Goode Intelligence website here.

Thank you - Alan

Moving from what I carry to what I wear - wearable technology brings biometric authentication closer to us

Biometrics has been creating a tremendous amount of buzz this week at two separate shows, one in Paris - CARTES 2014 - the other in Las Vegas - Money 20/20. Innovative biometric technology vendors such as EyeVerify (Eye Vein) and Agnitio (Voice) have been demonstrating how their respective technologies can bring convenient user authentication to smart mobile devices for a wide range of use cases including banking and payments.

The financial services industry is increasingly turning to biometric technology to solve a number of problems including how to conveniently authenticate mobile banking and payment customers and how to add strong authentication to previously un-authenticated contactless payments (both card and mobile) at the physical point of sale without adding friction to a currently speedy process. The latter point would enable higher value transactions to be supported when using contactless technology - currently shoppers are restricted to around $20,00 per transaction. Zwipe, a biometric card technology company, is partnering with MasterCard to extend its trial for fingerprint biometric authenticated payments for contactless payments. It also solves the problem of what if I lose a contactless payment or transit card that doesn't authenticate people when they use them.

MasterCard is also partnering with another innovative technology company in Canada, They are teaming with the Royal Bank of Canada (RBC) and Bionym, the company behind the Nymi electrocardiogram (ECG) band, to test  electrocardiogram-authenticated payments by the end of this year. The use of wearable devices for biometric authentication is set to rapidly expand over the next five-to-six years. Not only will you have sole-purpose wearables (like the Nymi), being used for biometric authentication purposes but biometric sensors and software technology will also be integrated into consumer wearable technology to sit alongside health and lifestyle applications. The creation of biometric platforms and freely available APIs will accelerate the integration of biometrics technology into a wide range of wearable technology.

The ability to leverage multiple sensors that are continuously collecting biometric data from us will revolutionize how humans are identified to a wide range of digital services and led to synergies between physical and cyber worlds. From opening up my front door and locking my car to waking up my desktop and authorising a wire transfer (BTW I am not a techno-utopian - I know that it will be extremely difficult to have the one digital identity on the single device that can be asserted across all of my connected devices and assets).

Instead of people typing in a remembered PIN, password or OTP generated by a hardware token, their identity shall be presented to connected devices through a combination of biometric data and behavioural analysis. Instead of presenting a finger to unlock an iPhone or to make a payment using a biometric card, wearable devices allow continuous biometric feedback from its owner - something that could be very powerful and potentially much more difficult to spoof or hack. It also becomes hygiene - I know that it is there and I know that it is keeping my digital and physical assets safe and secure but it is definitely not obtrusive and annoying like remembering where I put my token or unlocking my personal safe to get hold of my bulky black book of passwords (that is getting thicker and tattier by the day).

These trends are happening at an incredible pace and as a result I have decided to update a report I wrote originally published in June 2014. The report, "mobile and wearable biometric authentication market analysis and forecasts 2014-2019" has been updated with revised forecasts for wearable biometrics authentication users and reflects new market activity such as Apple Pay. The report forecasts that by 2019 there will be 604 million users of wearable biometric authentication solutions.

If you want to know more about this research or talk to me about this blog then I would love to hear from you. Contact me through the website www.goodeintelligence.com.

Thanks for reading. Alan